The Intelligent Sandbox updated content package for versions 4.10, 4.12, 4.14, 5.0, and 5.2 is now available.
This detection package adds detection updates to Intelligent Sandbox, and includes the following changes:
New Rules:
- Coverage for Albabat ransomware
- Coverage for Strvn Trojan
- Coverage for DLRat malware family
- Rules to detect boot signature removal from master boot records
- Rules to detect Trojans collecting system information
- Rules to detect attempts to identify emulation environments
Updates to Digital Signature Database:
The following changes are made to the Digital Signature Database:
- Added 1441 new key hashes
Updated Machine Learning Model:
The detection package contains an updated ML model for DLL samples executed in a Windows 10 VM.
This detection package is released in the common detection package format. To install and apply a common detection package, either use Intelligent Sandbox 5.2.2 or a newer version, or, if your Intelligent Sandbox is version 5.2.0 or earlier, install the patch described in KB96550 - How to enable support for the Intelligent Sandbox and Advanced Threat Defense common detection package.
See KB96550 - How to enable support for the Intelligent Sandbox and Advanced Threat Defense common detection package for details about the common detection package format.
Package build number: 5.2.4.240213
Customers can update to the detection package using either of the following two options:
- Product UI: In the Intelligent Sandbox (ATD) UI, go to Manage, Image & Software, Content Update, Detection Pkg.
- Download Server: Customers can download the content updates from the Download Server using the appropriate grant number.
For more information, see the Release Notes.